diff --git a/CHANGELOG b/CHANGELOG
index d608260..311bf47 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,6 +7,8 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp
 ### Changed
+* IS_EVOMAINTENANCE_FW : warn only if HOOK_DB is enabled
+
 ### Fixed
 * IS_TMPUSRRO : improve grep for options detection
diff --git a/evocheck.sh b/evocheck.sh
index 5ec164b..d5014e7 100755
--- a/evocheck.sh
+++ b/evocheck.sh
@@ -444,9 +444,10 @@ check_squid() {
 }
 check_evomaintenance_fw() {
 if [ -f "$MINIFW_FILE" ]; then
+ hook_db=$(grep -E '^\s*HOOK_DB' /etc/evomaintenance.cf | tr -d ' ' | cut -d= -f2)
 rulesNumber=$(grep -c "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s .* -m state --state ESTABLISHED,RELATED -j ACCEPT" "$MINIFW_FILE")
- if [ "$rulesNumber" -lt 2 ]; then
- failed "IS_EVOMAINTENANCE_FW" "missing evomaintenance rules in minifirewall"
+ if [ "$hook_db" = "1" ] && [ "$rulesNumber" -lt 2 ]; then
+ failed "IS_EVOMAINTENANCE_FW" "HOOK_DB is enabled but missing evomaintenance rules in minifirewall"
 fi
 fi
 }
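Review bot: The new `hook_db` line in check_evomaintenance_fw makes the check fail open: when /etc/evomaintenance.cf is missing or unreadable, `grep` only prints an error to stderr and `hook_db` stays empty, so the `[ "$hook_db" = "1" ]` guard skips the rule count and the missing minifirewall rules are never reported, whereas the old code reported them unconditionally. The parse is also fragile — `^\s*HOOK_DB` matches any key that merely starts with HOOK_DB, `tr -d ' '` leaves tabs and quotes in place so a value written as `HOOK_DB="1"` never compares equal, and several matching lines produce a multi-line value that also fails the comparison. I would anchor on the `=` and normalise the value, e.g. `hook_db=$(grep -E '^\s*HOOK_DB\s*=' /etc/evomaintenance.cf 2>/dev/null | tail -n 1 | cut -d= -f2 | tr -d " \t\"'")`, and either test readability of the config file first or treat an empty `hook_db` as its own failure so that a parse problem cannot silently disable the check. A one-line comment above the assignment, such as `# the rules are only required when the evomaintenance DB hook is enabled (HOOK_DB=1)`, would document why the guard exists.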